SRX5800 Services Gateway System Overview
SRX5800 Services Gateway Description
The SRX5800 Services Gateway is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.
The services gateway provides 12 slots that you can populate with 2 or 3 Switch Control Boards (SCBs) and up to 12 additional cards of the following types:
Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.
Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to your network.
I/O cards (IOCs) provide Ethernet interfaces that connect the services gateway to your network.
Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding different types of Ethernet ports to your services gateway.
For detailed information about the cards supported by the services
gateway, see the SRX5400, SRX5600, and SRX5800 Services Gateway Card Reference
Benefits of the SRX5800 Services Gateway
The SRX5800 Services Gateway is the market-leading security solution supporting up to 1.2 Tbps firewall throughput and latency as low as 32 microseconds for stateful firewall, 395 million concurrent sessions, and 1 Tbps IPS.
Equipped with the full range of advanced security services, massive performance, scalability, and flexibility make the SRX5800 ideal for securing large enterprise, hosted, or colocated data centers, mobile operator environments, densely consolidated processing environments, cloud and managed service providers.
IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.
Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways include industry-leading antivirus, antispam, content filtering, and additional content security services.
The UTM services provide sophisticated protection from:
Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.
Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:
Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.
Proactively blocks malware communication channels.
The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
Single pane-of-glass management with Security Director and JSA Series integration.
SRX5800 Services Gateway Field-Replaceable Units
Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site. The services gateway uses the following types of FRUs:
Table 1 lists the FRUs of the services gateway and the action to perform to install, remove, or replace an FRU.
Table 1: Field-Replaceable Units
Field-Replaceable Units (FRUs)
You need not power off the services gateway to install, remove, or replace any of these FRUs.
AC and DC power supplies (if redundant)
SFP and XFP transceivers
Power off the services gateway to install, remove, or replace any of these FRUs.
Port modules of the Flex IOCs
SRX5800 Services Gateway Component Redundancy
The following major hardware components are redundant:
Switch Control Boards (SCBs)—The SRX5800 Services Gateway has two SCBs installed and you can install a third SCB for switch fabric redundancy. The SCB of the host subsystem functions as the primary and the others function as backup. If the SCB of the host subsystem fails, one of the other SCBs takes over as the primary.
The SRX5800 Services Gateway supports a redundant SCB, provided the SCB is a SRX5K-SCBE (SCB2) running Junos OS Release 12.1X47-D15 and later, or a SRX5K-SCB3 (SCB3) running Junos OS Release 15.1X49-D10 and later.
The SRX5800 Services Gateway does not support a redundant SCB (third SCB) card if SRX5K-SPC-4-15-320 (SPC2) is installed with SCB1 (SRX5K-SCB). If you have installed a SPC2 on a SRX5800 Services Gateway with a redundant SCB1 card, make sure to remove the redundant SCB1 card.
Power supplies—When powered by standard-capacity AC power supplies, a minimum of three power supplies are required to supply power to a fully configured services gateway. All AC power supplies share the load evenly. The addition of a fourth power supply provides full power redundancy. If one power supply fails in a redundant configuration, the three remaining power supplies provide full power.
When powered by DC power supplies or high-capacity AC power supplies, two power supplies are required to supply power to a fully configured services gateway. One power supply supports approximately half of the components in the services gateway, and the other power supply supports the remaining components. The installation of two additional power supplies provides full power redundancy. If one or two power supplies fail, the remaining power supplies can provide full power to the services gateway.
Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the services gateway indefinitely.